We have a requirement to disable aggressive mode on a Cisco ASA5520 we have several Cisco IPSEC Remote VPN clients using pre shared keys, I'm aware that disabling aggressive mode will require digital certificates on the IPSEC VPN clients. Instead of using digital certificates on all the clients would using the Cisco Any Connect VPN client instead of the Cisco IPSEC client allow me to disable aggressive mode on the ASA?
Are there any advantages or disadvantages in using the Cisco Any Connect Client?
Aggressive mode is an alternative in the ISAKMP negotiation process. ISAKMP is part of IPSec. The AnyConnect client uses SSL instead of IPSec. So there is no ISAKMP associated with AnyConnect. So if you transition the clients to AnyConnect you can disable Aggressive mode and not impact any users.
Perhaps the biggest disadvantage is that you have to pay for each SSL VPN client (Anyconnect) and the IPSEC clients are free with the box. If that is not an issue, then Anyconnect would be a good option. It would even support Visa64bit whereas the IPSEC client does not. SSL is also easier to traverse through firewalls.
And as Rick mentioned, SSL VPNs use HTTPS whereas IPSEC VPNs use IPSEC (ESP/UDP 500 etc). So there is no relation between the agressive mode setting and SSL VPNs.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...